SVirt/TODO

From SELinux Wiki

(Difference between revisions)
Jump to: navigation, search
Revision as of 00:47, 10 December 2008 (edit)
JamesMorris (Talk | contribs)
(Before v1.00)
← Previous diff
Revision as of 00:48, 10 December 2008 (edit) (undo)
JamesMorris (Talk | contribs)
m (Before v1.00)
Next diff →
Line 12: Line 12:
=== Before v1.00 === === Before v1.00 ===
-* MCS dynamic labeling for simple isolation.+* MCS dynamic labeling for simple isolation
-* Security review by KVM and core virt folk.+* Security review by KVM and core virt folk
* Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc. * Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc.
Line 20: Line 20:
* Integration with GUI tools (virt-manager etc.) * Integration with GUI tools (virt-manager etc.)
-* General OS integration.+* General OS integration
-* Basic storage labeling support.+* Basic storage labeling support
-* Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here).+* Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)
-* Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki.+* Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki
-* Investigate generator.py for new API calls.+* Investigate generator.py for new API calls
-* Make autostart work properly.+* Make autostart work properly
-* Policy for /dev/kvm (and similar).+* Policy for /dev/kvm (and similar)
* Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc. * Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
-* Placement and policy for VM log files.+* Placement and policy for VM log files
-* Debug integration with audit subsystem.+* Debug integration with audit subsystem
-* Add testcases to libvirt test framework.+* Add testcases to libvirt test framework
-* Handle qemud restart.+* Handle qemud restart

Revision as of 00:48, 10 December 2008

Contents

sVirt To Do List

For v0.30

  • Fix have/with SELinux build configuration
  • Convert existing storage labeling



Before v1.00

  • MCS dynamic labeling for simple isolation
  • Security review by KVM and core virt folk
  • Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc.
  • Integration with GUI tools (virt-manager etc.)
  • General OS integration
  • Basic storage labeling support
  • Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)
  • Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki
  • Investigate generator.py for new API calls
  • Make autostart work properly
  • Policy for /dev/kvm (and similar)
  • Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
  • Placement and policy for VM log files
  • Debug integration with audit subsystem
  • Add testcases to libvirt test framework
  • Handle qemud restart



Post v1.00

  • Support for session mode (not just system mode).
  • Make DOI configurable.
  • Migrate isolated domains between security models.
  • Deployment of labeled appliances via virt-image etc.
  • Migration of labeled domains.
  • Integration with virtual firewalling.
  • Integration with Labeled Networking/IPSec/Labeled NFS.
  • Extensive device labeling support.
Personal tools